diff options
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/luminance-hdr.profile | 23 | ||||
-rw-r--r-- | etc/synfigstudio.profile | 17 | ||||
-rw-r--r-- | platform/debian/conffiles | 2 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
7 files changed, 49 insertions, 2 deletions
@@ -88,5 +88,5 @@ x11 xpra, x11 xephyr, x11 block, allusers, join-or-start | |||
88 | 88 | ||
89 | ## New profiles | 89 | ## New profiles |
90 | 90 | ||
91 | qpdfview, mupdf | 91 | qpdfview, mupdf, Luminance HDR, Synfig Studio |
92 | 92 | ||
@@ -13,7 +13,7 @@ firejail (0.9.43) baseline; urgency=low | |||
13 | * feature: blocking x11 (--x11=block) | 13 | * feature: blocking x11 (--x11=block) |
14 | * feature: disable 3D hardware acceleration (--no3d) | 14 | * feature: disable 3D hardware acceleration (--no3d) |
15 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands | 15 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands |
16 | * new profiles: qpdfview, mupdf | 16 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio |
17 | * bugfixes | 17 | * bugfixes |
18 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 | 18 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 |
19 | 19 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 54c53e794..8566ea0c5 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -27,6 +27,9 @@ blacklist ${HOME}/.kde/share/config/okularpartrc | |||
27 | blacklist ${HOME}/.kde/share/apps/gwenview | 27 | blacklist ${HOME}/.kde/share/apps/gwenview |
28 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 28 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
29 | blacklist ${HOME}/.config/qpdfview | 29 | blacklist ${HOME}/.config/qpdfview |
30 | blacklist ${HOME}/.config/Luminance | ||
31 | blacklist ${HOME}/.config/synfig | ||
32 | blacklist ${HOME}/.synfig | ||
30 | 33 | ||
31 | # Media players | 34 | # Media players |
32 | blacklist ${HOME}/.config/cmus | 35 | blacklist ${HOME}/.config/cmus |
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile new file mode 100644 index 000000000..e9207fba3 --- /dev/null +++ b/etc/luminance-hdr.profile | |||
@@ -0,0 +1,23 @@ | |||
1 | # luminance-hdr | ||
2 | noblacklist ${HOME}/.config/Luminance | ||
3 | include /etc/firejail/disable-common.inc | ||
4 | include /etc/firejail/disable-programs.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | |||
8 | |||
9 | caps.drop all | ||
10 | netfilter | ||
11 | protocol unix | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | seccomp | ||
15 | shell none | ||
16 | tracelog | ||
17 | private-tmp | ||
18 | private-dev | ||
19 | noexec ${HOME} | ||
20 | noexec /tmp | ||
21 | nogroups | ||
22 | nosound | ||
23 | ipc-namespace | ||
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile new file mode 100644 index 000000000..d46467b99 --- /dev/null +++ b/etc/synfigstudio.profile | |||
@@ -0,0 +1,17 @@ | |||
1 | # synfigstudio | ||
2 | noblacklist ${HOME}/.config/synfig | ||
3 | noblacklist ${HOME}/.synfig | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | |||
8 | caps.drop all | ||
9 | netfilter | ||
10 | nonewprivs | ||
11 | noroot | ||
12 | protocol unix | ||
13 | seccomp | ||
14 | private-dev | ||
15 | private-tmp | ||
16 | noexec ${HOME} | ||
17 | noexec /tmp | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 0c494c042..86f5564fd 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -145,4 +145,6 @@ | |||
145 | /etc/firejail/dosbox.profile | 145 | /etc/firejail/dosbox.profile |
146 | /etc/firejail/mupdf.profile | 146 | /etc/firejail/mupdf.profile |
147 | /etc/firejail/qpdfview.profile | 147 | /etc/firejail/qpdfview.profile |
148 | /etc/firejail/luminance-hdr.profile | ||
149 | /etc/firejail/synfigstudio.profile | ||
148 | 150 | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index ca28d025b..2fec8ef90 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -130,6 +130,8 @@ pix | |||
130 | xreader | 130 | xreader |
131 | mupdf | 131 | mupdf |
132 | qpdfview | 132 | qpdfview |
133 | luminance-hdr | ||
134 | synfigstudio | ||
133 | 135 | ||
134 | # other | 136 | # other |
135 | ssh | 137 | ssh |